mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00
Code
b9e0e40607
openvpn/doc
History
Selva Nair b9e0e40607 Option --cryptoapicert: support issuer name as a selector 
- Certificate selection string can now specify a partial
  issuer name string as "--cryptoapicert ISSUER:<string>" where
  <string> is matched as a substring of the issuer (CA) name in
  the certificate.

  Partial case-insensitive matching against the "issuer name" is
  used. Here "issuer name" is a text representation of the RDN's
  separated by commas.

  E.g., "CA, Ontario, Toronto, Acme Inc., IT, Acme Root CA".

  See MSDN docs on CertFindCertificateInStore() with CERT_FIND_ISSUER_STR
  as "FindType" for more details.

  As the order of RDN's is not well-defined[*] and type names like "OU"
  or "CN" are not included, its best to match against a single attribute
  like the CN of the issuer:

  E.g., --cryptoapicert "ISSUER:Acme Root"

[*] Windows appears to order RDN's in the reverse order to which
its written in the certificate but do not rely on this.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230128223421.2207802-2-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26092.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2023-02-14 16:23:00 +01:00
..
doxygen Implement stateless HMAC-based sesssion-id three-way-handshake 2022-05-05 12:12:55 +02:00
man-sections Option --cryptoapicert: support issuer name as a selector 2023-02-14 16:23:00 +01:00
tests sample-plugin: New plugin for testing multiple auth plugins 2022-03-15 16:29:22 +01:00
android.txt Update android.txt to reflect more recent changes. 2022-09-12 09:10:23 +02:00
gui-notes.txt Document common uses of 'echo' directive, re-enable logging for 'echo'. 2021-01-20 20:18:07 +01:00
interactive-service-notes.rst Add Interactive Service developer documentation 2018-06-09 20:14:26 +02:00
keying-material-exporter.txt Fix various spelling mistakes 2019-02-06 19:07:34 +01:00
Makefile.am Update copyright year to 2023 2023-01-10 17:24:37 +01:00
management-notes.txt Include CE_DISABLED status of remote in "remote-entry-get" response 2023-01-11 08:31:30 +01:00
openvpn-examples.5.rst Add detailed man page section to setup a OpenVPN setup with peer-fingerprint 2021-08-01 19:47:44 +02:00
openvpn.8.rst Update the last sections in the man page to a be a bit less outdated 2023-02-14 14:03:45 +01:00
README.man doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
README.plugins build: integrate plugins build into core build 2012-06-26 11:29:02 +02:00
tls-crypt-v2.txt Implement HMAC based session id for tls-crypt v2 2022-05-06 14:16:05 +02:00

README.plugins 

OpenVPN Plugins
---------------

Starting with OpenVPN 2.0-beta17, compiled plugin modules are
supported on any *nix OS which includes libdl or on Windows.
One or more modules may be loaded into OpenVPN using
the --plugin directive, and each plugin module is capable of
intercepting any of the script callbacks which OpenVPN supports:

(1) up
(2) down
(3) route-up
(4) ipchange
(5) tls-verify
(6) auth-user-pass-verify
(7) client-connect
(8) client-disconnect
(9) learn-address

See the openvpn-plugin.h file in the top-level directory of the
OpenVPN source distribution for more detailed information
on the plugin interface.

Included Plugins
----------------

auth-pam -- Authenticate using PAM and a split privilege
            execution model which functions even if
            root privileges or the execution environment
            have been altered with --user/--group/--chroot.
            Tested on Linux only.

down-root -- Enable the running of down scripts with root privileges
             even if --user/--group/--chroot have been used
             to drop root privileges or change the execution
             environment.  Not applicable on Windows.

examples -- A simple example that demonstrates a portable
            plugin, i.e. one which can be built for *nix
            or Windows from the same source.

Building Plugins
----------------

cd to the top-level directory of a plugin, and use the
"make" command to build it.  The examples plugin is
built using a build script, not a makefile.